How severe is CVE-2020-3503?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6 out of 10.

What type of vulnerability is CVE-2020-3503?

This is classified as CWE-284, which is a common weakness in software security.

CVE-2020-3503 - MEDIUM Severity | CVSS 6

Vulnerability Description

A vulnerability in the file system permissions of Cisco IOS XE Software could allow an authenticated, local attacker to obtain read and write access to critical configuration or system files. The vulnerability is due to insufficient file system permissions on an affected device. An attacker could exploit this vulnerability by connecting to an affected device's guest shell, and accessing or modifying restricted files. A successful exploit could allow the attacker to view or modify restricted information or configurations that are normally not accessible to system administrators.

Related Vulnerabilities

CVE-2021-34724

MEDIUM

CVSS:6.0(Medium)

A vulnerability in the Cisco IOS XE SD-WAN Software CLI could allow an authenticated, local attacker to elevate privileges and execute arbitrary code on the underlying operating system as the root use...

CWE-2842021

CVE-2023-31346

MEDIUM

CVSS:6.0(Medium)

Failure to initialize memory in SEV Firmware may allow a privileged attacker to access stale data from other guests.

CWE-2842023

CVE-2024-28016

MEDIUM

CVSS:6.0(Medium)

Improper Access Controlvulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, ...

CWE-2842024

CVE-2024-30211

MEDIUM

CVSS:6.0(Medium)

Improper access control in some Intel(R) ME driver pack installer engines before version 2422.6.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

CWE-2842024

CVE-2024-40825

MEDIUM

CVSS:6.0(Medium)

The issue was addressed with improved checks. This issue is fixed in visionOS 2, macOS Sequoia 15. A malicious app with root privileges may be able to modify the contents of system files.

CWE-2842024

CVE-2025-21573

MEDIUM

CVSS:6.0(Medium)

Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle Financial Services Applications (component: Chatbot). Supported versions that are affected are 5.1.0.0.0...

CWE-2842025